#1662 - Secured draft/archived content

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@44555 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Sam Minnee 2007-11-09 03:42:04 +00:00
parent 2c8e304294
commit 15eff6e217
2 changed files with 14 additions and 4 deletions

View File

@ -85,13 +85,23 @@ class ContentController extends Controller {
}
singleton('SiteTree')->extend('contentcontrollerInit', $this);
Director::set_site_mode('site');
// Check permissions
// Check page permissions
if($this->dataRecord && $this->URLSegment != 'Security' && !$this->dataRecord->can('View')) {
Security::permissionFailure($this);
}
// Draft/Archive security check - only CMS users should be able to look at stage/archived content
if($this->URLSegment != 'Security' && (Versioned::current_archived_date() || (Versioned::current_stage() && Versioned::current_stage() != 'Live'))) {
if(!Permission::check('CMS_ACCESS_CMSMain')) {
$link = $this->Link();
$message = _t("ContentController.DRAFT_SITE_ACCESS_RESTRICTION", "You must log in with your CMS password in order to view the draft or archived content. <a href=\"%s\">Click here to go back to the published site.</a>");
Security::permissionFailure($this, sprintf($message, "$link?stage=Live"));
return;
}
}
}
/**
@ -180,7 +190,7 @@ class ContentController extends Controller {
public function SilverStripeNavigator() {
$member = Member::currentUser();
if(Director::isDev() || ($member && $member->isCMSUser())) {
if(Director::isDev() || Permission::check('CMS_ACCESS_CMSMain')) {
Requirements::css('sapphire/css/SilverStripeNavigator.css');
Requirements::javascript('jsparty/behaviour.js');

View File

@ -99,7 +99,7 @@ class Security extends Controller {
* permission to
* access the item.
*/
static function permissionFailure($controller, $messageSet = null) {
static function permissionFailure($controller = null, $messageSet = null) {
// Prepare the messageSet provided
if(!$messageSet) {
$messageSet = array(